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DETAILED ACTION 

1. This is a non-final office action in response to the applicant's amendments filled 
on 06/13/206. 

2. The applicant amended independent claims 1, 4, 6, and 7. 

3. The applicant canceled claims 5, and 12-29. 

4. The applicant added claims 30-37. 

5. Claims 1-4, 6-11, and 30-37 are pending. 



Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed 
or described as set forth in section 102 of this title, if the differences between the 
subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made to 
a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was 
made. 



7. Claims 1-4, 6-11, and 30-36 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Huitema et al. (US Pat. No.: 2002/0073215) in view of Godwin et al. 
(US Pub No.: 2002/00133608). 
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As per claim 1 : 

Huitema et al. disclose a method for conveying a security context, comprising: 
issuing a first Internet Protocol version compliant packet (Page 1: 0014; 0015; 
0016; Figure 4); 

prepending an issued packet with a second Internet Protocol version header 

producing a second Internet Protocol version compliant packet (Page 1 : 
0014; 0015; 0016; Figure 4); 

wherein the first Internet Protocol version is different from the second Internet 
Protocol version (Page 1: 0014; 0015; 0016; Figure 4); and 

forwarding the second Internet Protocol version compliant packet to the recipient 
computer system (Figure 4: 420) 

the applicant admitted that in the background disclosure of the instant application 
that a Supernet identifier, a Channel identifier, and the virtual address and 
wherein data in the first Internet Protocol version compliant packet is 
encrypted using the Supernet identifier and the Channel identifier (Page 2: 
0005-0006; Page 3: 0007) 

Huitema et al. do not explicitly disclose obtaining a virtual address associated 
with a process executing on a recipient and first Internet Protocol comprising security 
context. Godwin et al. in analogous art, however, disclose a virtual address associated 
with a process executing on a recipient and first Internet Protocol comprising security 
context (Page 4: 0033, 0040, 0065, 0109). 
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Therefore, it would have been obvious to a person having ordinary skill in the 
art at the time the invention was made to modify the system disclosed by Huitema et al. 
to include a virtual address associated with a process executing on a recipient and first 
Internet Protocol comprising security context. This modification would have been 
obvious because a person having ordinary skill in the art would have been motivated to 
do so to provide a methods, systems and computer program products for providing 
Internet Protocol Security to a plurality of target hosts in a cluster of data processing 
systems which communicate with a network through a routing communication protocol 
stack utilizing a dynamically routable as suggested by Godwin et al. in (Page 4: 0033). 

As per claim 2: 

Huitema et al. disclose a method, wherein the first Internet Protocol version 
compliant packet is Internet Protocol version 6 compliant packet (Page 1: 0014; 0015; 
0016; Figure 4). 

As per claim 3: 

Huitema et al. disclose a method, wherein the second Internet Protocol version 
compliant packet is Internet Protocol version 4 compliant packet (Page 1: 0014; 0015; 
0016; Figure 4). 

As per claim 4: 

Godwin et al. disclose a method, wherein issuing the first Internet Protocol 
version compliant packet further comprises: 
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invoking a Supernet Attach Command on an authentication server daemon (Page 

7: 0075; Page 8: 0089); 
receiving, in response to the Supernet Attach Command, a Supernet configuration 

information comprising the security context (Page 7: 0075; Page 8: 0089); 

and 

registering a mapping of the Supernet configuration information with a virtual 
address daemon (Page 4: 0040-0044). 

As per claims 6 and 3 1 : 

Huitema et al. disclose a method, wherein the security context comprises a 128 bit 
unique value (Page 1:0003). 

As per claims 7 and 32: 

Neither Huitema et al. nor Godwin et al. explicitly teach that the security context 
comprised of a 16 bit set and a 112 bit set. However, using IPv6 packets, headers and 
addressing, it is obvious and very well known to those skilled in the art that the claimed 
bit partition to be comprised of a 16 bit set and a 1 12 bit set value for an intended purpose 
as evident in IPSec. 

As per claims 8 and 33: 

Neither Huitema et al. nor Godwin et al. explicitly teach that 16 bit set denotes a 
site local Internet protocol address comprising 12 bits for an address prefix followed by 4 
bits for a zero value. However it is obvious and very well known to those skilled in the 



Application/Control Number: 10/037,800 Page 6 

Art Unit: 2137 

art that denoting a 16 bit set to a site Internet protocol address comprising 12 bits for an 
address prefix followed by a b4 bit of a zero value for an intended purpose as it is evident 
in IPSec protocol. 

As per claims 9 and 34: 

Neither Huitema et al. nor Godwin et al. explicitly teach that the 112 bit set 
comprises contiguous bits for the Supernet identifier, the Channel identifier, and the 
virtual address. However, it is obvious and very well known to those skilled in the art that 
the 112 bit can be set to be contiguous and partitioned for the Supernet identifier, the 
Channel identifier, and the virtual address for the intended purpose as evidenced on the 
specification of the instant application (Page 8, Paragraph 0030). 

As per claims 10 and 35: 

Neither Huitema et al. nor Godwin et al. explicitly teach that 1 12 bit set comprises 
64 bits Supernet identifier, 24 bits Channel identifier, and 24 bits virtual address. 
However, it is obvious and very well known to those skilled in the art that the 112 bit can 
be set to be partitioned to 64 bits Supernet identifier, 24 bits Channel identifier, and 24 
bits virtual address for the intended purpose as evidenced on the specification of the 
instant application (Page 8, Paragraph 0030). 

As per claim 30: 

Huitema et al. disclose a method for processing a security context, comprising: 
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receiving a first Internet Protocol version compliant packet encapsulated by a 

second Internet Protocol version compliant packet (Page 1: 0014; 0015; 
0016; Figure 4); 

Protocol version compliant packet encapsulated by the second Internet Protocol 
version compliant packet (Page 1 : 0014; 0015; 0016; Figure 4); 

the applicant admitted that in the background disclosure of the instant application 
that a Supernet identifier, a Channel identifier, and the virtual address and 
wherein data in the first Internet Protocol version compliant packet is 
encrypted using the Supernet identifier and the Channel identifier (Page 2: 
0005-0006; Page 3: 0007) 

Huitema et al. do not explicitly disclose extracting the encrypted data and the 
security context from the first Internet and routing the decrypted data to a process in the 
recipient computer system using the virtual address and decrypting the data. Godwin et 
al. in analogous art, however, disclose extracting the encrypted data and the security 
context from the first Internet and routing the decrypted data to a process in the recipient 
computer system using the virtual address and decrypting the data (Page 4: 0033, 0040, 
0065, 0109; Page 4: 0035; Page 9:0093). 

Therefore, it would have been obvious to a person having ordinary skill in the 
art at the time the invention was made to modify the system disclosed by Huitema et al. 
to include extracting the encrypted data and the security context from the first Internet 
and routing the decrypted data to a process in the recipient computer system using the 
virtual address and decrypting the data. This modification would have been obvious 
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because a person having ordinary skill in the art would have been motivated to do so to 
provide a methods, systems and computer program products for providing Internet 
Protocol Security to a plurality of target hosts in a cluster of data processing systems 
which communicate with a network through a routing communication protocol stack 
utilizing a dynamically routable as suggested by Godwin et al. in (Page 4: 0033). 



As per claim 36: 

The applicant of this application suggested that any packet management 
infrastructure may be used, appreciated by those skilled in the art, to obtain security 
context from the stripped packet using a handler mechanism (Page 9, Paragraph 0031). 
Therefore, it is obvious and very well known to those skilled in the art that the security 
context is obtained from the stripped packet using a handler mechanism. 

8. Claim 37 is rejected under 35 U.S.C. 103(a) as being unpatentable over Huitema 
et al. (US Pat. No.: 2002/0073215) in view of Godwin et al. (US Pub No.: 
2002/00133608) in further view of Gang et al (Mobile IPv6 solution based on Linux 
Netfilter framework Dai Gang; Ma Yan; Info-tech and Info-net, 2001. Proceedings. ICII 
2001 - Beijing. 2001 International Conferences on Volume 5,29 Oct.-l Nov. 2001 
Page(s): 306 - 310 vol.5) 

As per claim 37: 
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Huitema et al. and Godwin et al. do not explicitly disclose the handler mechanism 
is Netfilter. However, Gang teaches that the handler mechanism is a Netfilter 
(Diagram2). Therefore, it would have been obvious to a person in the art at the time the 
invention was made to modify the method disclosed by Huitema et al. and Godwin et al. 
that the handler mechanism is Netfilter. This modification would have been obvious 
because a person having ordinary skill in the art at the time of the invention was made, 
would have been motivated to do so since it is suggested on the specification of the 
application itself (Page 8, Paragraph 0031) which this letter is addressing. . 

Conclusion 

9. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

See the notice of reference cited in form PTO-892 for additional prior art 

Contact Information 

10. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Techane J. Gergiso whose telephone number is (571) 272- 
3784. The examiner can normally be reached on 9:00am - 6:00pm. If attempts to reach 
the examiner by telephone are unsuccessful, the examiner's supervisor, Emmanuel Moise 
can be reached on (571) 272-3865. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 
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